﻿<?xml version="1.0" encoding="utf-8"?>
<!--Code Generated Analysis XML-->
<ULA>
  <Configuration>
    <Version>1.0.0</Version>
    <Product>SharePoint Server</Product>
    <Analysis>
      <Category>Authentication and Authorization</Category>
      <XMLDescription>Authentication and Authorization</XMLDescription>
    </Analysis>
  </Configuration>
  <ULAQuery>
    <Query>
	<ID>5520955f-6745-4ce4-90ad-2ae9941ac356</ID>
	<Title>STS claims provider error - Event 8307 </Title>
	<Parameters>
		<EventID>8307 </EventID>
		<Message>http://technet.microsoft.com/en-us/library/ff535778</Message>
		<SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8307'</SQLQuery>
		<RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8307'</RelevantLogCollection>
		<Symptom>One or more of the following symptoms might appear:

Users are unable to log on to Microsoft SharePoint Foundation 2010.


Logon fails.


People Picker fails to search or resolve, and returns an error message.


This event appears in the event log: Event ID: 8307 Description: An exception occurred in [Claim Provider Name] claim provider when calling [Method Name]: [Exception].
</Symptom>
		<Description>The Security Token Service (STS) experienced an error.</Description>
		<Cause>An error occurred with the claims provider that is specified in the exception description.</Cause>
		<Articles>http://technet.microsoft.com/en-us/library/ff535778</Articles>
	</Parameters>
</Query>
    <Query>
      <ID>bddaca69-504e-4aaa-af35-891731225e37</ID>
      <Title>Claims cannot establish endpoint - Event 8305 </Title>
      <Parameters>
        <EventID>8305 </EventID>
        <Message>http://technet.microsoft.com/en-us/library/ff535776</Message>
        <SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8305'</SQLQuery>
        <RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8305'</RelevantLogCollection>
        <Symptom>One or more of the following symptoms might appear:

Users are unable to log on to Microsoft SharePoint Foundation 2010.


Logon fails.


This event appears in the event log: Event ID: 8305 Description: An exception occurred when trying to establish endpoint for context: [exception].</Symptom>
        <Description>The Security Token Service (STS) claims authentication cannot establish an endpoint.</Description>
        <Cause>The claims provider is not configured correctly.</Cause>
        <Articles>http://technet.microsoft.com/en-us/library/ff535776</Articles>
      </Parameters>
    </Query>
    <Query>
      <ID>1ee2297e-8ba2-4404-bcb0-1ccf0b40487c</ID>
      <Title>STS cannot sign credentials - Event 8304 </Title>
      <Parameters>
        <EventID>8304 </EventID>
        <Message>http://technet.microsoft.com/en-us/library/ff535774</Message>
        <SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8304'</SQLQuery>
        <RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8304'</RelevantLogCollection>
        <Symptom>One or more of the following symptoms might appear:

Users are unable to log on to Microsoft SharePoint Foundation 2010.


Logon fails.


People Picker fails to search or resolve, and returns an error message.


This event appears in the event log: Event ID: 8307 Description: An exception occurred when trying to create signing credential: [exception].
</Symptom>
        <Description>The Security Token Service (STS) cannot sign user credentials.
</Description>
        <Cause>An error occurred with the claims provider that is specified in the exception description.</Cause>
        <Articles>http://technet.microsoft.com/en-us/library/ff535774</Articles>
      </Parameters>
    </Query>
    <Query>
      <ID>5a4fa5c0-6621-4dea-9562-09104ba3ca69</ID>
      <Title>STS signing certificate missing - Event 8303 </Title>
      <Parameters>
        <EventID>8303 </EventID>
        <Message>http://technet.microsoft.com/en-us/library/ff468692</Message>
        <SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8303'</SQLQuery>
        <RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '8303'</RelevantLogCollection>
        <Symptom>One or more of the following symptoms might appear:

Users are unable to log in to SharePoint 2010 Products.


This event appears in the event log: Event ID: 8303 Description: The Access Data Services is no longer available. [Session: [session ID] User: [username]].
</Symptom>
        <Description>The Security Token Service (STS) signing certificate that Microsoft SharePoint 2010 Products uses to authenticate users is missing.
</Description>
        <Cause> One of the following might be the cause:

The STS signing certificate that is included with SharePoint 2010 Products is missing.


The self-signed STS signing certificate, or the external certificate that you are using, is missing.
</Cause>
        <Articles>http://technet.microsoft.com/en-us/library/ff468692</Articles>
      </Parameters>
    </Query>
    <Query>
      <ID>3f572b71-c94d-4903-9a45-1468e642696b</ID>
      <Title>Application pool account must be registered as Kerberos - Event 6590 </Title>
      <Parameters>
        <EventID>6590 </EventID>
        <Message>http://technet.microsoft.com/en-us/library/ee513049</Message>
        <SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '6590'</SQLQuery>
        <RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '6590'</RelevantLogCollection>
        <Symptom>This event appears in the event log: Event ID: 6590 Description: The application pool account has insufficient permissions to add user accounts to Active Directory. When using Kerberos authentication, the service account used by the Internet Information Services (IIS) application pool for your Web application must be registered in Active Directory as a Service Principal Name (SPN) on the domain on which the Web front-end is a member.
</Symptom>
        <Description>Microsoft SharePoint Foundation 2010 can use the authentication providers that are provided by Windows Server 2008 to authenticate users. For example, Microsoft SharePoint Foundation can use forms-based authentication or Web single sign-on.

When using the Kerberos version 5 authentication protocol, the service account that is used by the Internet Information Services (IIS) application pool for your Web application must be registered in Active Directory Domain Services (AD DS) as an SPN on the domain on which the front end Web server is a member.</Description>
        <Cause>One or more of the following might be the cause:

If using Kerberos v5 authentication, the Web application pool account is not a registered security provider name.


If using either forms-based authentication or Web single sign-on, the authentication provider could not be loaded because no membership provider name was specified.


The Web application pool must be restarted for changes to be saved.</Cause>
        <Articles>http://technet.microsoft.com/en-us/library/ee513049</Articles>
      </Parameters>
    </Query>
    <Query>
      <ID>ea957da2-ec0c-4ae0-b245-f49de0550ae1</ID>
      <Title>Unable to load authentication provider - Event 6143 </Title>
      <Parameters>
        <EventID>6143</EventID>
        <Message>http://technet.microsoft.com/en-us/library/ff519267</Message>
        <SQLQuery>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '6143'</SQLQuery>
        <RelevantLogCollection>SELECT TOP 1 * FROM [ULAtablename] WHERE EventID = '6143'</RelevantLogCollection>
        <Symptom>One or more of the following symptoms might appear:

User authentication fails to work correctly, which prevents users from accessing content.


User tokens are not updated by using correct role memberships, which prevents users from accessing content that they would expect to have access to, based on their roles.


Event 6143 might appear in the event log with one of the following descriptions: 


Description: Cannot get Membership Provider with name [Membership Provider Name]. The membership provider for this process was not properly configured. You must configure the membership provider in the .config file for every SharePoint process.


Description: Cannot get Role Manager with name [Role Manager Name]. The role manager for this process was not properly configured. You must configure the role manager in the .config file for every SharePoint process.</Symptom>
        <Description>To authenticate users, Microsoft SharePoint 2010 Products uses the authentication providers that are provided by Windows Server 2008 R2 — such as forms authentication or Web single sign-on (SSO) authentication — by other versions of Windows, and by third-party vendors. 

When using Kerberos v5 authentication, the service account used by the Internet Information Services (IIS) application pool for your Web application must be registered in Active Directory as a Service Principal Name (SPN) on the domain on which the front-end Web server is a member.

This error indicates that the role manager or membership provider that is specified for a particular Web application is incorrectly configured.</Description>
        <Cause>The role manager or membership provider specified for a particular Web application may be incorrectly configured.</Cause>
        <Articles>http://technet.microsoft.com/en-us/library/ff519267</Articles>
      </Parameters>
    </Query>
  </ULAQuery>
</ULA>